package com.test.study.jdbc;

import org.junit.Test;

/**
 * 演示SQL注入
 * @author huyong
 *
 */
public class JdbcSqlInjection {
	@Test
	public void testLogin() {

		UserLoginDemo userLoginDemo = new UserLoginDemo();
		//boolean login = userLoginDemo.login("aaa", "123");//select * from user_test where username='aaa' and password='444' 正常的
		//以下是SQL注入的演示
		//boolean login = userLoginDemo.login("aaa ' or '1=1", "ttteff");//select * from user_test where username='aaa ' or '1=1' and password='ttteff' 通过知道用户名就可以登录了 登录成功了
		boolean login = userLoginDemo.login("aaa ' -- ", "ttteff");// select * from user_test where username='aaa ' -- ' and password='ttteff'  登录成功了 -- 相当于将后面的 and password='ttteff'  注释掉了
		System.out.println(login == true ? "登录成功" : "登录失败");
	}
	/**
	 * 解决了注入之后的
	 */
	@Test
	public void testLogin2() {

		UserLoginDemo userLoginDemo = new UserLoginDemo();
		boolean login = userLoginDemo.login("aaa", "123");//select * from user_test where username='aaa' and password='444' 正常的
		//以下是SQL注入的演示
		//boolean login = userLoginDemo.login2("aaa ' or '1=1", "ttteff");//select * from user_test where username='aaa ' or '1=1' and password='ttteff' 通过知道用户名就可以登录了 登录成功了
		//boolean login = userLoginDemo.login2("aaa ' -- ", "ttteff");
		System.out.println(login == true ? "登录成功" : "登录失败");
	}

}
